On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

For a detailed description of the updates please see the following Knowledge Base articles:

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

For a detailed description of the updates please see the following Knowledge Base articles:

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

For a detailed description of the updates please see the following Knowledge Base articles:

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

For a detailed description of the updates please see the following Knowledge Base articles:

Microsoft is upgrading the multi-engine protection in all Forefront server security products to support a newer version of the antivirus engine.The newer version will provide customers with improved scanning times and reduced signature file size. The new engine replaces the older engine.

This new engine publishes update files in a subdirectory – the first engine in the Forefront engine mix to do so.In order to accommodate this new publishing model, Microsoft is releasing a series of roll-ups that will:

•Include the new antivirus engine

•Ensure that any engine that publishes update files in a subdirectory will update correctly

Microsoft is upgrading the multi-engine protection in all Forefront server security products to support a newer version of the antivirus engine.The newer version will provide customers with improved scanning times and reduced signature file size. The new engine replaces the older engine.

This new engine publishes update files in a subdirectory – the first engine in the Forefront engine mix to do so.In order to accommodate this new publishing model, Microsoft is releasing a series of roll-ups that will:

•Include the new antivirus engine

•Ensure that any engine that publishes update files in a subdirectory will update correctly

Microsoft is upgrading the multi-engine protection in all Forefront server security products to support a newer version of the antivirus engine.The newer version will provide customers with improved scanning times and reduced signature file size. The new engine replaces the older engine.

This new engine publishes update files in a subdirectory – the first engine in the Forefront engine mix to do so.In order to accommodate this new publishing model, Microsoft is releasing a series of roll-ups that will:

•Include the new antivirus engine

•Ensure that any engine that publishes update files in a subdirectory will update correctly

Microsoft is upgrading the multi-engine protection in all Forefront server security products to support a newer version of the antivirus engine.The newer version will provide customers with improved scanning times and reduced signature file size. The new engine replaces the older engine.

This new engine publishes update files in a subdirectory – the first engine in the Forefront engine mix to do so.In order to accommodate this new publishing model, Microsoft is releasing a series of roll-ups that will:

•Include the new antivirus engine

•Ensure that any engine that publishes update files in a subdirectory will update correctly

The basic symptom is that antivirus engine updates fail. If you are experiencing this problem, please refer to the Microsoft support KB article #2410444 for information on how to resolve the problem. The KB will guide you through steps that will enable FSE to use the previous version of the antivirus engine and updates until a permanent fix is created.

If you continue having problems after trying the measures in the KB article, you should contact CSS for additional help.

The basic symptom is that antivirus engine updates fail. If you are experiencing this problem, please refer to the Microsoft support KB article #2410444 for information on how to resolve the problem. The KB will guide you through steps that will enable FSE to use the previous version of the antivirus engine and updates until a permanent fix is created.

If you continue having problems after trying the measures in the KB article, you should contact CSS for additional help.

The basic symptom is that antivirus engine updates fail. If you are experiencing this problem, please refer to the Microsoft support KB article #2410444 for information on how to resolve the problem. The KB will guide you through steps that will enable FSE to use the previous version of the antivirus engine and updates until a permanent fix is created.

If you continue having problems after trying the measures in the KB article, you should contact CSS for additional help.

The basic symptom is that antivirus engine updates fail. If you are experiencing this problem, please refer to the Microsoft support KB article #2410444 for information on how to resolve the problem. The KB will guide you through steps that will enable FSE to use the previous version of the antivirus engine and updates until a permanent fix is created.

If you continue having problems after trying the measures in the KB article, you should contact CSS for additional help.

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.During the Transport scan (Messages in Transport):

·Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically “Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled. You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend. By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.During the Transport scan (Messages in Transport):

·Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically “Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled. You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend. By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.During the Transport scan (Messages in Transport):

·Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically “Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled. You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend. By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.During the Transport scan (Messages in Transport):

·Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically “Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled. You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend. By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.